March 2011 Archives

As I wrote the other day, the theme of combining IAM w/ BI continued during day two of the Gartner IAM Summit in London. Perry Carpenter, an analyst w/ Gartner, brought it up again in his talk on best practices for administer user accounts, and other delegates I spoke to said it was mentioned in a lot of lectures they attended throughout the day as well. Every person I talked w/ was having a hard time swallowing the BI pill though. One IAM pure play vendor that I chatted w/ said it was nonsense to think that "shoving" the output of his program into some BI tool would provide additional value; it would create a mess, he said.

All this made me think: Gartner's value is in guidance. Why would they suggest to their clients that they consider this unless they truly believe it was correct? IMO, they wouldn't; however, that doesn't mean they are. So, are they? Will coupling IAM w/ BI provide additional value to the business? I think so. To see why, consider Forrester's estimation of the provisioning market size through the end of 2014:

How is it that the provisioning market is shooting up so fast? The report which I nabbed that graphic from, Identity Management Market Forecast: 2007 to 2014, has suggestions of course, but some that occur to me include these:

There are many sources of identity throughout an enterprise (HRS, ERP, CRM, etc.), and automating account management across them all requires hundred of connections and automated workflows.

There's no accepted standard for provisioning, so the work is custom and/or costly.

The big suite vendors are charging ~50K USD per connection.

So, the need is great and the cost is high. This makes the market huge. However, the prediction, which Carpenter told me Gartner also made, isn't coming true. Companies just aren't willing to pay. Because of this, smaller pure play vendors are stepping in and charging a lot less per connection (~10K USD); some are even selling their provisioning products with an unlimited number of free connections. These things together will eventually undermine the business model of the suite vendors, Carpenter suggested to me. At that point, they will be more willing to fix the provisioning standard. Till then, what choices do people have?

Firstly, companies can select pure play vendor that offers lower connection costs. Alternatively, they can abstract a large number of LDAP and relational identity stores behind a meta directory, and pony up for a costly connection to it. Thirdly, they can combine their provisioning solution with BI. By creating a handful of connection to commonplace identity stores, enterprises can avoid high implementation costs. For the dozens or hundreds of other connections, organizations can use BI to figure out if they are out of compliance and close that gap manually if they are. So, coupling BI with IAM, for provisioning at least, is a really good idea that deserves further exploration.

What about other areas of IAM like federation? Does combining federation w/ BI provide additional business value? Stay tuned for my thoughts on that.

The first day of the Gartner Identity and Access Management (IAM) Summit in London had an unexpected theme. One of the first keynotes which James Richardson delivered was about transforming IAM by coupling it w/ BI. In this, he talked about how IAM professionals need to collaborate with others in the organization who are in charge of BI to deliver more value to the business through their identity programs. This notion of marrying IAM w/ BI was picked up by other Gartner analysts like Earl Perkins who discussed how the value of IAM is increased through identity and access intelligence. It also came up in their colleague, Perry Carpenter's, talk about choosing a user provisioning vendor. In his frank presentation (which I really appreciated for the bluntness), he said that what is needed in many cases is not another provisioning connector, but a "sheen" of BI that gives the business actionable intelligence that it can use to close the audit gap. He said that he thinks the focus of the IAM industry will shift to intelligence through the end of 2013. Talking to other attendees in the evening, however, some thought it was just something new to say to make Gartner sound forward-thinking and insightful. Others found the juxtaposition spot on. Me? I'm not sure. Too jet legged to think straight ATM.